Stories by Lucian Constantin

Android SMS worm Selfmite returns, more aggressive than ever

A new version of an Android worm called Selfmite has the potential to ramp up huge SMS charges for victims in its attempt to spread to as many devices as possible.

Leaked programming manual may help criminals develop more ATM malware

A leaked programming manual for interacting with the physical components of automated teller machines might have helped attackers create malware programs that were used to steal cash from ATMs in various parts of the world this year.

Almost half of Android devices still have a vulnerable browser installed

Around 45 percent of Android devices have a browser that is vulnerable to two serious security issues, but some countries have a considerably larger percentage of affected users than others, according to data from mobile security firm Lookout.

Criminals use malware program to steal millions from ATMs around the world

Criminals have stolen millions of dollars from ATMs worldwide using a specialized malware program that forces the machines to dispense cash on command.

Critical Bugzilla vulnerability could give hackers access to undisclosed software flaws

Hackers could have had an inside track on unpatched flaws in major software projects because of a critical vulnerability in Bugzilla, a system that many developers use to track and discuss bugs in their code.

Tools for creating malicious USB thumb drives released by security researchers

In a gambit aimed at driving manufacturers to beef up protections for USB flash drive firmware, two security researchers have released a collection of tools that can be used to turn those drives into silent malware installers.

Is that used iPad actually stolen? Apple creates tool for would-be buyers to check

If you're looking to buy a used iPhone, iPad or iPod touch device, Apple is now offering an online tool to let you first check if it's been locked down by the previous owner, which could indicate that it was actually stolen or lost.

Xen Project discloses serious vulnerability that impacts virtualized servers

The Xen Project has revealed the details of a serious vulnerability in the Xen hypervisor that could put the security of many virtualized servers at risk.

Hurry! Wait! Go! Joomla stumbles with patch for serious vulnerability

The Joomla project pushed out new updates for its popular content management system Wednesday after a glitch was found in the high-priority security patches it released a day before.

OpenVPN servers can be vulnerable to Shellshock Bash vulnerability

Virtual private network servers based on OpenVPN might be vulnerable to remote code execution attacks through Shellshock and other recent flaws that affect the Bash Unix shell.

Cisco, Oracle find dozens of their products affected by Shellshock

Cisco Systems and Oracle are hard at work identifying networking and other products in their portfolios that are affected by the critical Shellshock vulnerability.

Malvertising campaign delivers digitally signed CryptoWall ransomware

The cybercriminals behind the CryptoWall ransomware threat have stepped up their game and are digitally signing new samples before using them in attacks in an attempt to bypass antivirus detection.

Improved patch tackles new Shellshock attack vectors

System administrators who spent last week making sure their computers are patched against Shellshock, a critical vulnerability in the Bash Unix command-line interpreter, will have to install a new patch that addresses additional attack vectors.

Apple's iOS 8 fixes enterprise Wi-Fi authentication hijacking issue

Apple's iOS 8 addresses a serious weakness that could allow attackers to hijack the wireless network authentication of Apple devices and gain access to enterprise networks.

New organization sets out to make secure communication tools more user-friendly

Google, Dropbox and the Open Technology Fund are supporting a new organization focused on making open-source security and privacy tools more user-friendly.